<?php
//send a invite
function leagueinvite(){
	global $_SGET,$_SPOST,$_SREQUEST;
	global $valid,$auid;
	if ($_SERVER['REQUEST_METHOD']=="POST"){
		if(isset($_SREQUEST['userid']) && isset($_SREQUEST['leagueid'])){
			$query = "SELECT * FROM leagues WHERE owner=".$auid." AND id='".$_SREQUEST['leagueid']."'";
			if(mysql_fetch_assoc(mysql_query($query))){ // Check that the auid matches the owners id
				$query = "INSERT INTO leagueinvites (leagueid, userid) VALUES ('$_SREQUEST[leagueid]', '$_SREQUEST[userid]')";
				mysql_query($query);

				//post a invite message
				$subject="League invite";
				$msg="$_SREQUEST[leagueid]";
				$type="2";
				$query = "INSERT INTO messages (`id`, `from`, `to`, `subject`, `text`, `timestamp`, `read`, `type`) 
				VALUES (NULL , '$auid', '".$_SREQUEST['userid']."', '$subject', '$msg',NULL, 0,'$type')";
				$result = mysql_query ($query);
			}
		}else{
			header("HTTP/1.0 404 NOT FOUND");
		}
	}
}
?>